Employer monitoring of electronic communications is an active area of the law that is clearly unsettled, even though 130 million workers send 2.8 billion e-mail messages each day. Thus, privacy issues in the workplace are becoming more complex.
“The $64,000 question is how much privacy does an employee really have when he is sitting at a desk in an office provided by his employer, particularly when he is using communication equipment or electronic systems provided by his employer,” asks Steven I. Farbman, Of Counsel to Jackson Lewis LLP.
“It’s an important question because new technologies have been developing so rapidly, and people are becoming more and more comfortable using these technologies outside of work. What are the limits to their use while at work?”
Smart Business talked with Farbman about how to protect your company from litigation involving employee privacy issues.
In what legal arenas can employee privacy problems arise?
Privacy issues can be implicated in any number of areas, from the obligation to protect Social Security numbers and private health information to the monitoring of job activity. Most people think of employee privacy issues in terms of the latter, which can run the gamut from e-mail and Internet usage to blogging, instant messaging, telephone use and even video surveillance.
For public or government employees, there is a clear right to privacy that comes directly from the U.S. Constitution and the Bill of Rights. However, that right does not apply to employees of private, non-government employers. Over the years, a number of federal and state laws have been enacted that address privacy rights in all workplaces. Among these are the federal Electronic Communications Privacy Act of 1986 (ECPA), which generally prohibits the ‘interception’ of electronic communications, and the Stored Communications Act, which prohibits unauthorized intrusions into stored electronic information. A number of states have enacted wiretapping statutes, which generally prohibit the recording of conversations without consent. Beyond this, the common law right of privacy is being defined and refined in the courts on a case-by-case basis.
Are there exceptions to these federal laws?
Employer monitoring of employee e-mails and Web site access generally will not run afoul of the ECPA for two reasons. First, such employer monitoring likely does not meet the ECPA’s definition of ‘intercept.’ Second, the ECPA contains an ‘ordinary course of business’ exception that gives an employer the right to access an employee’s e-mail if the messages are maintained on a system provided by the employer.
However, the employer’s interception must be in the ordinary course of business, a standard that is not necessarily satisfied simply by maintaining a general policy of monitoring. This ‘ordinary course of business’ exception also applies to the monitoring of employee telephone calls.
The Stored Communications Act has an even broader exception. An employer may access stored e-mails on electronic services it provides. But, this exception is not universal. For example, there is no protection for intrusion on systems hosted by third parties, such as when an employee accesses his or her own personal Web-based e-mail account through the company system. For this reason, employers should be wary of accessing information not contained on their internal networks without the user’s authorization.
How can employers protect themselves from litigation over employee privacy rights?
The touchstone in analyzing this type of litigation is whether an employee had a reasonable expectation of privacy in his or her use of the company’s technology. Therefore, employers should strive to appropriately limit or reduce the employee’s expectation of privacy without significantly and negatively impacting employee morale. This can be done with a detailed and clearly written electronic communications policy.
Such a policy not only should explain what systems are available, but also should spell out the employee’s obligations and put employees on notice that, among other things, the company equipment, including telephones, computers and electronic systems, is designed primarily for business use only; and the company has the right to access and monitor those systems, including the e-mail system. Also, do not communicate to employees that the systems are strictly for business usage, because the National Labor Relations Act protects certain communications between employees that may otherwise be chilled by such a restriction.
Historically, how have courts balanced an employee’s right to privacy against an employer’s right to protect the company?
The courts try to balance the employer’s right to information about its employees and their job-related activities against the employee’s reasonable expectation of privacy in the workplace, and they do this on a case-by-case basis. In one case, an employer committed to employees that all e-mail would remain confidential and privileged, yet its IT department accessed e-mails and found evidence that led to the termination of an employee. The court still found that, on the particular facts, there was no ‘reasonable expectation of privacy’ in that case.
Many similar cases suggest that the rights of employers in this area are not to be minimized. Broad judicial interpretations of enacted privacy legislation favor legitimate monitoring practices by employers, and many elements of common law claims are difficult for employees to prove.
STEVEN I. FARBMAN is Of Counsel to Jackson Lewis LLP. Reach him at (412) 232-0219 or firstname.lastname@example.org.